Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 12 Feb 2004 11:54:05 +0200
From:      Ismail YENIGUL <ismail@EnderUNIX.ORG>
To:        roberto@redix.it
Cc:        freebsd-security@freebsd.org
Subject:   Re: Question about securelevel
Message-ID:  <20040212095405.GA47173@EnderUNIX.ORG>
In-Reply-To: <1093.192.168.0.77.1076491786.squirrel@mail.redix.it>
References:  <1093.192.168.0.77.1076491786.squirrel@mail.redix.it>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi
Did you look at securelevel manual
# man securelevel
regards
On Wed, Feb 11, 2004 at 10:29:46AM +0100, roberto@redix.it wrote:
> 
> I've read about securelevel in the mailing list archive, and found some
> pitfalls (and seems to me to be discarded soon).
> 
> But According to me, the following configuration should offer a good
> security:
> 
> - mount root fs read only at boot;
> - set securelevel to 3;
> - do not permit to unmount/remount roots fs read-write (now it is possible
> by means of "mount -uw /");
> - the only way to make change at the file system is to reboot in single
> user, before the securelevel is set to 3, and make the changes needed
> (this means the administrator should use only the console);
> 
> Any comments about?
> 
> Bye,
> Roberto
> 
> 
> 
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

-- 

Ismail YENIGUL
http://www.acikkod.com - Acikkod Yayinlari
http://www.EnderUNIX.org
GnuPG Key: http://yenigul.net/ismail.gpg

It takes longer to lose 'x' number of pounds than
to gain 'x' number of pounds.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040212095405.GA47173>